summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFrédéric Buclin <LpSolit@gmail.com>2011-11-22 22:03:28 +0100
committerFrédéric Buclin <LpSolit@gmail.com>2011-11-22 22:03:28 +0100
commit92cb17e05cecb4093ee9e189347ba66b8844528a (patch)
tree7129cf8b6398e67276a17856804d4a157c4b7fa1 /enter_bug.cgi
parentBug 680771 - Send X-XSS-Protection header for XSS prevention/blocking (diff)
downloadbugzilla-92cb17e05cecb4093ee9e189347ba66b8844528a.tar.gz
bugzilla-92cb17e05cecb4093ee9e189347ba66b8844528a.tar.bz2
bugzilla-92cb17e05cecb4093ee9e189347ba66b8844528a.zip
Bug 703975: CSRF vulnerability in post_bug.cgi allows possible unauthorized bug creation
r=mkanat a=LpSolit
Diffstat (limited to 'enter_bug.cgi')
-rwxr-xr-xenter_bug.cgi2
1 files changed, 1 insertions, 1 deletions
diff --git a/enter_bug.cgi b/enter_bug.cgi
index 4ef886741..2337de120 100755
--- a/enter_bug.cgi
+++ b/enter_bug.cgi
@@ -207,7 +207,7 @@ $vars->{'qa_contact_disabled'} = !$has_editbugs;
$vars->{'cloned_bug_id'} = $cloned_bug_id;
-$vars->{'token'} = issue_session_token('createbug:');
+$vars->{'token'} = issue_session_token('create_bug');
my @enter_bug_fields = grep { $_->enter_bug } Bugzilla->active_custom_fields;